[arch-general] Suggestions for email for a paranoid Archer
Menachem Moystoviz
moystovi at g.jct.ac.il
Thu Oct 11 11:46:36 EDT 2012
Thank you. The questions posed were quite enlightening, and showed me
that this needs a bit more thought.
> I believe first question you need to answer is: what is your threat model?
>
> Are you afraid of losing all your mails (backups)? Losing control over
> your email address? What are you going to do if you can't login to
> your mailbox tommorow? How much do you mind if someone else gain
> access to your old mails? Computer criminalists, government, rouge
> google admin, google scanning your emails content for targeted
> advertising (privacy / security)? Are delays in delivering mail
> acceptable? (there are more questions)
Off the top of my head, the most basic fears are loss of emails and
access, and people who aren't me or
who haven't received specific authorization from me reading my emails.
Delays are fine, as long as the mail gets out there.
> backups: getmail or imapsync and backup them like files
> control over mail address: buy your own domain, setup on your own
> server or something like google apps
Is buying the domain necessary? I can get five free subdomains on freedns.
I do own a server, which is, for a lack of a better place to put it, in my room.
> privacy / security: computer criminalists: good unique password,
> 2-factor authentication, use only trusted devices, don't do anything
> stupid
Sound advice. Bit of an issue since I don't control most devices available to me
and the other people using the devices I do control would be annoyed at the
measures I would take to secure it.
> privacy / security: government and google: use gpg to encrypt / sign
> your mails or setup your own server (with luks; remember, government
> can just steal your server from datacenter and there is nothing you
> can do about it)
Signing emails is something I've been wanting to set up for a while now.
How do I encrypt the mail on google's servers? It seems like my best choice
in this arena is trying to minimize the window of attack on google's servers
and strongly securing my own.
> I think your own domain + backups + google apps is pretty good setup.
> Secure, reliable, cheap and you can switch to other hosting without
> changing your email address. If you don't trust google or government
> (well, you shouldn't :P) then setup your own email box.
Doesn't google apps require you to install their apps on your server?
How would you migrate from them?
> Use cheap vps with static ip, it will be much easier. I doubt anyone
> keeps their mail server in home with dynamic ip.
Problem - as a high school graduate, I don't exactly have a steady source
of income. I could try to find income sources, but I'm not aware of what
cheap VPSs exist.
>
> --
> Krzysztof Warzecha
Again, thanks a lot. You have certainly clarified some of the issues I need to
think about.
Gesh
More information about the arch-general
mailing list